Description
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.
Affected products
- accipiter / accipiter_direct_server6.0 – 6.0
References
- MISChttp://www.securityfocus.com/bid/9389
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/14198
- MAILING_LISThttp://marc.info/?l=bugtraq&m=107392576215418&w=2
- MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-01/0274.html
- MISChttp://www.osvdb.org/3433
- VENDOR_ADVISORYhttp://secunia.com/advisories/10600